[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [dss] Authentication Token
At 12:46 PM 10/27/2004 -0400, Ed Shallow wrote: >[...] > I do not think that the subtle semantic difference between > ClaimedIdentity (now with SupportingInfo) and RequesterIdentity (always > had SupportingInfo) is worth distinct and separate naming. I like your previous proposal better. RequesterIdentity and ClaimedIdentity have pretty different functions: - RequesterIdentity goes in signature, says "this guy requested the signature be produced (and here's other public info about him)" - ClaimedIdentity goes in protocol, says "I'm requesting a signature be produced (and here's other data about me which proves my identity and proves I assent to this request" The supporting info has very different roles - in the 1st case, it's public (e.g. a certificate), in the latter case, it may be private and tied to the protocol request (e.g. a signature, PSTP signature, MAC, etc.). So I think making the structures similar but not identical, like you first proposed, is the best approach. Trevor
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]